Command Injection Vulnerability in Alpine iLX-507 by Alpine Electronics
CVE-2025-8480

8HIGH

Key Information:

Vendor

Alpine

Status
Vendor
CVE Published:
1 August 2025

What is CVE-2025-8480?

The vulnerability in Alpine iLX-507 stems from a critical flaw in the Tidal music streaming application, where user-supplied strings are not adequately validated before execution in system calls. This allows an attacker, positioned on the same network, to exploit the vulnerability and execute arbitrary code on the device without the need for authentication, potentially compromising the device's functionality and user data.

Affected Version(s)

iLX-507 6.0.000

References

CVSS V3.0

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.